Alan, Only complementing..... He catches and releases the IP Look my authenticate section: authenticate { Auth-Type PAP { pap { reject = 1 } if(reject) { update control { Pool-Name := "inadi_pool"; } ok } } Auth-Type CHAP { chap { reject = 1 } if(reject) { update control { Pool-Name := "iandi_pool"; } ok } } Auth-Type MS-CHAP { mschap { reject = 1 } if(reject) { update control { Pool-Name := "inadi_pool"; } ok } } digest unix eap } And my Log: Wed Apr 13 16:51:31 2016 : Auth: Login OK: [testepppoe] (from client ce-teste-rb port 15728721 cli F8:1A:67:58:42:E7) Wed Apr 13 16:51:31 2016 : Info: Allocated IP: 192.168.11.208 from inadi_pool (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 port 15728721 user testepppoe) Wed Apr 13 16:51:31 2016 : Info: Released IP 192.168.11.208 (did CE - TESTE PPPoE cli F8:1A:67:58:42:E7 user testepppoe) Could you help me? Aurelio Em 13/04/2016 16:48, Aurélio de Souza Ribeiro Neto escreveu:
Alan,
Thanks!
It works, but I can Log "Invalid Login" before delivery IP?
Aurelio
Em 13/04/2016 10:09, Alan DeKok escreveu:
On Apr 13, 2016, at 8:51 AM, Aurélio de Souza Ribeiro Neto <netolistas@mpc.com.br> wrote:
Is it possible to allow access to a different POOL for users who authenticate with invalid login or password?
Only for people who aren't using EAP.
Users who connect with correct credentials would use the POOL according to their groups, and users with login and password invalids would be directed to another POOL? I hope I was clear.
Sure. In the "authenticate" section, do:
authenticate { ... Auth-Type pap { pap { reject = 1 }
if (reject) { update control { Pool-Name := "rejected_pool" }
ok }
}
... }
You'll have to customize it for your system, but the general idea is there.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html